...

Element Name

uhReleasedGrouping

Description

Allow application developers to implement a central authorization management resource, UH Groupings, outside of their applications. This reduces the amount of custom code to write and support and provides for the reuse of Groupings across multiple applications and services.

This attribute asserts UH Grouping memberships. A membership can be used to decide who is authorized to access an application at all, and/or to control which functions and information an individual may use once inside it. The attribute carries every released grouping the person belongs to; each such grouping represents an application or function for which all grouping members have been authorized.


Tip

UH Groupings owners may select this attribute as an optional "synchronization destination" in order to make membership information available to CAS-enabled applications.

You can leverage UH Groupings as a central authorization management resource. Create groupings that represent who is authorized to do something in your application, then release them by choosing uhReleasedGrouping as a sync destination. Your application can then simply look for its own groupings when this attribute is returned by CAS or LDAP. You do not need to write or maintain your own authorization code or authorization data.
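The following is an added example of the consuming side, not UH ITS code: it parses the attributes section of a CAS 3.0 serviceValidate response, collects every uhReleasedGrouping value as a set (the page states that order carries no meaning), validates each value against the storage format given below, and then makes both kinds of decision the page describes, access to the application and access to individual functions. The CAS response is constructed for the example; the grouping names myapp-admins and myapp-users and the function names are hypothetical, while the other three grouping values are the page's own sample data. Matching follows note 2 on this page by also comparing the last colon-separated component, so a released full path and its bare group id compare equal.

```python
"""Authorize from the uhReleasedGrouping attribute in a CAS serviceValidate response.

Added example (not UH ITS code). The response text is constructed; the
groupings "myapp-admins" and "myapp-users" are hypothetical.
"""
import re
import xml.etree.ElementTree as ET  # use defusedxml in production to resist XML bombs

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Storage format from the attribute info: string(256) over {a..z}{A..Z}{0..9}{:-._+=}
GROUPING_RE = re.compile(r"^[A-Za-z0-9:\-._+=]{1,256}$")

# Constructed CAS 3.0 response; the fifth value deliberately violates the format.
SAMPLE_SUCCESS = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess>
    <cas:user>jdoe</cas:user>
    <cas:attributes>
      <cas:uhReleasedGrouping>manoa-campus-arboretum-club-members</cas:uhReleasedGrouping>
      <cas:uhReleasedGrouping>obf:ffa3423857510105ea8927332792387392892349324bdf892ada</cas:uhReleasedGrouping>
      <cas:uhReleasedGrouping>hawaii.edu:store:uhims:general:mfa-enabled</cas:uhReleasedGrouping>
      <cas:uhReleasedGrouping>myapp-admins</cas:uhReleasedGrouping>
      <cas:uhReleasedGrouping>bad value/with spaces</cas:uhReleasedGrouping>
    </cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>
"""

SAMPLE_FAILURE = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>
"""

# Hypothetical application functions and the grouping that gates each one.
FUNCTION_GROUPINGS = {
    "view-reports": "myapp-users",
    "manage-users": "myapp-admins",
    "export-data": "hawaii.edu:store:uhims:general:mfa-enabled",
}


def grouping_id(value):
    """Last colon-separated component of a grouping path (note 2 on this page)."""
    return value.rsplit(":", 1)[-1]


def parse_released_groupings(cas_xml):
    """Return the set of uhReleasedGrouping values asserted for the user.

    Raises ValueError on a CAS failure so a rejected ticket is never
    mistaken for "no groupings".  Values that do not match the storage
    format are dropped rather than compared.
    """
    root = ET.fromstring(cas_xml)
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        raise ValueError("CAS authentication failed: %s" % failure.get("code"))
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is None:
        raise ValueError("not a CAS serviceResponse")
    released = set()
    for el in success.findall("cas:attributes/cas:uhReleasedGrouping", CAS_NS):
        value = (el.text or "").strip()
        if GROUPING_RE.match(value):
            released.add(value)
    return released


def is_authorized(released, required):
    """True if the person is in `required`, by exact value or by group id."""
    if required in released:
        return True
    wanted = grouping_id(required)
    return any(grouping_id(v) == wanted for v in released)


def authorized_functions(released, function_groupings=FUNCTION_GROUPINGS):
    """Functions the person may use, given the groupings that gate each one."""
    return {fn for fn, grp in function_groupings.items() if is_authorized(released, grp)}


if __name__ == "__main__":
    groups = parse_released_groupings(SAMPLE_SUCCESS)
    print("released:", sorted(groups))
    print("app access:", is_authorized(groups, "myapp-admins"))
    print("functions:", sorted(authorized_functions(groups)))
```

The same set-based check applies to values fetched from LDAP; because the attribute is equality indexed, an application can also ask the directory directly with a filter such as `(uhReleasedGrouping=myapp-admins)` rather than pulling every value. Treat a parse failure as a denied request, and remember the propagation delay noted below when relying on a removal to revoke access.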


Warning

While membership updates to a UH Grouping are usually reflected in this attribute within 2 minutes, updates can take much longer when Grouper is under heavy load. Applications that depend on this attribute to revoke access should not assume a removal takes effect immediately.


As an added convenience, ITS makes various uhReleasedGrouping values available for general use (that page is restricted to the UH community).

UH Data Classification

Restricted per Executive Policy 2.214

LDAP Attribute Info

  • Name: uhReleasedGrouping
  • OID: 1.3.6.1.4.1.2160.1.1.1.66
  • Indexing: yes (equality, substring)
  • Required: no
  • Multivalued: yes (1)

Required Format for Storage

string(256), format: {a..z}{A..Z}{0..9}{:-._+=}

Example Stored Data (2)

manoa-campus-arboretum-club-members

obf:ffa3423857510105ea8927332792387392892349324bdf892ada

hawaii.edu:store:uhims:general:mfa-enabled

Systems of Record 

Notes

  1. There is no significance to the order of appearance. No assumptions can be made about the contents of the first row, for example.
  2. The full path of the grouping is not used. Only the group id, the last component of the colon-separated path, is used. The namespace is controlled to avoid collisions even though the full path is not used here.
  3. Information on the UH Groupings service is available: UH Groupings.
  4. Information on the CAS service is available: UH Web Login Service.
  5. This attribute may indicate that a person is a student, which is FERPA-protected information, hence the "Restricted" data classification.

...